There are three main categories of objects that the Policy Server uses:
You use infrastructure objects throughout a SiteMinder deployment. Infrastructure objects include connections to existing user directories, administrators, Agents, authentication schemes, registration schemes, and password policies.
Infrastructure objects include:
An Agent is installed on web servers, application servers, or other network entities to secure access to resources. Once an Agent is installed on a server, configure a SiteMinder object for the Agent in the Administrative UI.
An Agent group is a Policy Server object that points to a group of Agents. The Agents in the group can be installed on different servers, but all of the Agents protect the same resources. Typically Agent groups are configured in SiteMinder for groups of servers that distribute the workload for access to a common set of resources.
An Agent Configuration Object holds configuration parameters for one or more Web Agents.
A Host Configuration Object holds configuration parameters for the Trusted Host.
A user directory in SiteMinder is an object that contains details for connecting to an existing user directory that is external to SiteMinder. User directory connections let you configure a connection to an existing user directory, instead of replicating user information within SiteMinder.
A policy domain is a logical grouping of one or more user directories, administrators, and realms. This Policy Server object is the basis for entitlement data. By creating policy domains, an administrator creates a container for the entitlements that surround a particular group of resources (realm), the users who can access the resources, and the administrator who sets up the entitlements.
Affiliate domains are only for legacy federation. An affiliate domain is a logical grouping of SAML affiliates that is associated with one or more user directories and administrators.
Note: For more information about affiliate domains, see the Federation Manager Legacy Federation Guide.
An administrator is an object that contains profile information for a SiteMinder administrator account. Everyone who logs in to SiteMinder is considered an administrator. The privileges and activities of an administrator account vary by administrative role.
An authentication scheme is a Policy Server object that determines the credentials that a user requires to access a protected resource. Authentication schemes are assigned to realms or Applications. When a user tries to access a resource in a realm or Application, the assigned authentication scheme determines the credentials that a user must supply to access the resource.
A registration scheme is a Policy Server object that allows users to register themselves for access to a group of resources on a network and administrators to manage registered users. Registration schemes simplify the task of managing a large user database.
An Agent Type is a Policy Server object that defines the actions and response attributes that a type of Agent supports. Agent types include, for example, Web, Affiliate, RADIUS, or custom.
A SQL Query Scheme is an object that stores SiteMinder SQL queries. These queries are used to retrieve information, such as a list of user groups, from relational databases that are used as SiteMinder user directories.
Password policies are Policy Server objects that contain rules for passwords, including expiration dates, constraints, and composition requirements.
SAML affiliations are only for legacy federation. A SAML affiliation is a group of SAML 2.0 entities that share a name identifier for a single principal.
Note: For more information about SAML affiliations, see the Federation Manager Legacy Federation Guide.
A Trusted Host object represents the client component that connects to the Policy Server.
Copyright © 2012 CA Technologies.
All rights reserved.